Add CI and Zig security audit workflow

[midasdf]

User description

Summary

• GitHub Actions CI: build, test, format check
• Zig security audit: tracks unsafe/low-level patterns
• Runs on push, PR, and weekly schedule (Monday 00:00 UTC)

check job

• zig fmt --check src/ — format verification
• zig build — compilation check
• zig build test — test execution (where available)

security-audit job

• Scans: @ptrCast, @ptrFromInt, @intFromPtr, @alignCast, catch unreachable, orelse unreachable, @setRuntimeSafety(false), @cImport
• Reports pattern counts in Actions job summary
• Adds warning annotations on changed files in PRs
• Informational only — does not block CI

---

CodeAnt-AI Description

Add automated CI checks and a Zig security audit

What Changed

• Runs format checks, test builds, and a weekly security scan automatically on pushes and pull requests
• Keeps format check from blocking the rest of the CI run when it fails
• Adds PR warnings and a summary for risky Zig patterns so reviewers can spot unsafe changes faster

Impact

✅ Earlier test failures
✅ Faster review of risky Zig changes
✅ Fewer unsafe patterns reaching main

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes. Give us feedback}

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[codeant-ai]

CodeAnt AI is running Incremental review

[coderabbitai]

Warning

Rate limit exceeded

@midasdf has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 6 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 0 minutes and 6 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb36b288-c3d5-4fd1-bbd6-b4ab3905634a

📥 Commits

Reviewing files that changed from the base of the PR and between accfb46 and 39c3635.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/add-security-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsource-io]

DeepSource Code Review

We reviewed changes in accfb46...39c3635 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
Secrets		Apr 2, 2026 8:13p.m.	Review ↗

[codeant-ai]

CodeAnt AI Incremental review completed.